Skip to main content
CVE-2023-3020 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-librarian-free prior to 5.10.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS I Librarian
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-3005 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Local Service Search Engine Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Local Service Search Engine Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-26131 MEDIUM POC This Month

All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting (XSS) via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Algernon
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-28350 MEDIUM POC This Month

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Microsoft Insight
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-33971 MEDIUM POC This Month

Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Form Creator
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3021 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS I Librarian
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3017 MEDIUM POC This Month

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lost And Found Information System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-31548 MEDIUM POC This Month

A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Churchcrm
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2023-26842 MEDIUM POC This Month

A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Churchcrm
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2023-3009 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-33736 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dcat Admin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2758 MEDIUM POC This Month

A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Conprosys Hmi System
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-28345 MEDIUM POC This Month

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Insight
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-2836 MEDIUM POC PATCH This Month

The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress Crm Perks Forms
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-2304 MEDIUM PATCH This Month

The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Favorites
NVD
CVSS 3.1
6.4
EPSS
1.1%
CVE-2023-33979 MEDIUM PATCH This Month

gpt_academic provides a graphical interface for ChatGPT/GLM. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Docker Gpt Academic
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-34228 MEDIUM This Month

In JetBrains TeamCity before 2023.05 authentication checks were missing - 2FA was not checked for some sensitive account actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-1661 MEDIUM This Month

The Display post meta, term meta, comment meta, and user meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post metadata in versions up to, and including, 1.0.0 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Display Post Meta Term Meta Comment Meta And User Meta
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-33732 MEDIUM This Month

Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Escan Management Console
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-3016 MEDIUM This Month

A vulnerability was found in yiwent Vip Video Analysis 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Vip Video Analysis
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3014 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in BeipyVideoResolution up to 2.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Beipyvideoresolution
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-34226 MEDIUM This Month

In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-34222 MEDIUM This Month

In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-2999 MEDIUM PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2998 MEDIUM PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3006 MEDIUM PATCH This Month

A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Code Injection Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-34256 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 6.3.3. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Linux Enterprise +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33287 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Inline Table Editing
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-34088 MEDIUM This Month

Collabora Online is a collaborative online office suite. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Collabora Online
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34229 MEDIUM This Month

In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-34225 MEDIUM This Month

In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
60.7%
CVE-2023-34221 MEDIUM This Month

In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-34220 MEDIUM This Month

In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
61.2%
CVE-2023-2547 MEDIUM PATCH This Month

The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Feather Login Page
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34223 MEDIUM This Month

In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2023-34224 MEDIUM This Month

In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Teamcity
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-2612 MEDIUM PATCH This Month

Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. Rated medium severity (CVSS 4.7).

Ubuntu Denial Of Service Linux Ubuntu Linux
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-2436 MEDIUM PATCH This Month

The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blog_in_blog' shortcode in versions up to, and including, 2.0.0 due to insufficient input sanitization and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Blog In Blog
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-34219 MEDIUM This Month

In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-23562 MEDIUM This Month

Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy